As a valued partner in supporting the Designated Ministries of the Catholic Services Appeal Foundation, we are writing to inform you that our Database provider, Blackbaud, Inc. has recently notified us of a global security incident which may have involved personal information of our constituents.
The security and protection of confidential information is of the utmost importance to the CSAF and we are sending this notice out of an abundance of caution. Please note that your bank account information and/or credit or debit card numbers were not accessed or compromised in this incident.
Blackbaud, Inc. recently notified us that they discovered and stopped a ransomware attack of nonprofits all over the world who utilize their database. After further review by Blackbaud’s Cyber Security team, independent forensics experts and law enforcement, it was determined that the attackers had been able to remove some customer data including names and contact information such as mailing addresses, phone numbers and email addresses, and a giving history with our organization. Blackbaud paid the cybercriminal’s demand with confirmation that the information file has been destroyed. Blackbaud continues to monitor the situation and has not found any exposed customer data online.
To reiterate, information such as bank account information, credit and debit card numbers, and other sensitive information were encrypted and were not compromised. As part of ongoing security measures, Blackbaud has implemented additional changes to protect data from subsequent incidents.
We sincerely apologize for this incident and will continue to work to ensure that necessary measures are in place to limit risks in the future. We thank you for your partnership with the CSAF. Should you have any further questions or concerns regarding this matter, please do not hesitate to contact us at firstname.lastname@example.org or 612-294-6622.